https://sites.google.com/view/aitrader-open-guide/open-guide
172.253.62.102 · Google LLC
Mountain View, United States
10508 days
200 · 85.8s
Valid· WR2, Google Trust Services, US
COMPLETED
Domain Intelligence: google.com
Scanned 5 times since Feb 14, 2026, 10:58 AM UTC
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Google Sites
Vendors
28/31
Status
partial
Registered-domain escalation
Submit google.com as the primary IOC, enriched with evidence from hostile subdomains like sites.google.com.
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page is hosted on a legitimate Google Sites domain (sites.google.com) with a valid Google SSL certificate. The visible page title is AI Agent Setup Guide, and the content appears to be a user-created guide rather than an official brand page. There is strong evidence of SPA-like behavior and multiple external Google/ATARI/Drive assets and logging endpoints, but no explicit credential harvesting form found in the static HTML. Based on the visuals in the attached screenshot, there is no clear impersonation of a well-known brand within the page content itself; the branding shown does not resemble a consumer financial or security service. However, the presence of many external scripts and log endpoints suggests analytics and potential data collection, which warrants caution for abuse potential in a first-party hosting context.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 32
Hosts: 10
Domains: 5
The page is hosted on an official Google Sites domain, and SSL certs indicate legitimate Google infrastructure. The visible branding is a generic 'AI Agent Setup Guide' without impersonating a specific consumer brand. However, the page loads substantial external JavaScript and logs impressions to Google endpoints, which could enable data collection or analytics invisible to the user. The absence of static login forms reduces immediate credential-theft risk on the static HTML, but the SPA could render credential fields dynamically. Overall, there is no concrete evidence of credential harvesting or impersonation of a known brand from the captured signals; monitor for odd data exfiltration behaviors and ensure the page is not used to collect sensitive data via dynamic UI.
Monitor